Fail to establish database connection

I did a backup for my client’s website for both the web files and SQL. Now, I am trying to restore it to my cPanel. I have no problem restoring the web files but the SQL automatically changes the name to xx_databasename. And when I tried to see the website live, it says there is a problem establishing a database connection.

Does anyone know how to solve this issue?

What prevents someone from spoofing their public key when trying to establish an SSH connection?

Recently I’ve been trying to learn the mechanisms behind SSH keys but I came across this question that I haven’t been able to find an answer to (I haven’t figured out how to word my question such that searching it would give me the answer).

Basically, we add our local machine’s public key to the server’s authorized_keys file which allows us to be authenticated automatically when we try to ssh into the server later on. My question is: what if someone takes my public key (it is public after all) and replaces their public key with it? When the "attacker" tries to connect to the server, what part of the process allows the server to know that they do not have the correct private key?

I read somewhere that for RSA, it is possible for a user (let’s say user A) to encrypt/sign a message with their private key, and then for others to decrypt this message using A’s public key, thus proving that A is really who they claim to be. However, apparently, this is not true for all cryptosystems, where it is not possible to sign with a private key (according to What happens when encrypting with private key?, feel free to correct this information if it is wrong). In those cases, how does the server make sure that the user is really who they claim to be?

Establish secure connection to localhost in Firefox

I have a Greenbone Security Assistant that has me connect to 127.0.0.1 port 9392, with the command:

sudo openvas-start
firefox http://localhost:9392

in Firefox. But before (and sometimes after) connecting, Firefox throws a lot of errors about insecure connection, and always highlights the better part of the URL in red. This also happens when connecting to localhost for, say, Autopsy. Is there any way I can establish a secure connection to localhost? Maybe from the terminal, in the firefox http://whateverURLforyourapp command?

How can a Unicorn establish a foreign location as its own lair, when it’s already the lair of a Lich?

The party’s Cleric and Wizard have worked together to summon and bind a Unicorn to their side for a year and a day. Now they get to enjoy an intelligent mount with legendary actions, teleportation, and extra healing. It can even have a lair of its own.

The party has gone inside a Lich’s domain. Is there anything the party can have the Unicorn do so that it can establish this very same location as its own domain, such that it becomes the lair of both the Lich and the Unicorn? If so, what does that process look like?

As an important note, this particular Lich is very pointedly not interfering with the party’s preparations up until they meet. This campaign is more of a hack and slash, so there’s not really any deeper underlying reason as to why. What is important is that it doesn’t violate the rules.

Here’s the subcomponents of this question, as I see it:

  1. Can any creature turn any location into its lair?

  2. Can more than one creature treat the same location as their lair?

  3. What is the process for a creature turning an area into its lair?

I believe the answers to (1) and (2) are yes because there isn’t a specific rule that I know of that forbids this, so the main question here is (3). However, if you can cite a rule that shows the answer to (1) or (2) is a “no,” I believe that in this scenario it renders the succeeding questions moot, so that’s also an acceptable answer.

Establish a symmetric key: KDF based on shared secret and random salt or key wrapping?

I am designing a basic KMS based on a simple HSM, I only have access to: AES256, SHA256, PBKDF2, HMAC (and combinations like AES256-HMAC-SHA256). The admin and the users of the system have a personal HSM where the keys are stored and it works like this:

  1. The administrator generates a key inside his HSM with PBKDF2 (random salt and random seed)
  2. The HSM of the administrator encrypts the new key using AES-256 with a different symmetric key for each user (the key used for key wrapping was established during the physical initialization of the HSM of the user) and sends it to every user that needs it along with key’s metadata. The whole payload (encrypted key value + key’s metadata) is encrypted another time with AES256 with another unique key for each user.
  3. The payload reaches the user that, thanks to the two symmetric keys previously shared with the admin (during the HSM physical initialization), is able to retrieve the requested key and metadata.

I was thinking about another possible approach that could be better but I am not really sure about it:

  1. The administrator establishes a shared secret common to every user of the system. This secret is stored in every HSM belonging to the users or to the administrator.
  2. When a key must be generated, the administrator computes it with PBKDF2 using the common secret and a random salt.
  3. When a key must be sent to any user, only the salt that was used by the administrator is actually sent to the user. The salt may be encrypted with a pre-shared symmetric key (like the example above) and it is used by every user along with the shared secret to generate again the key.

The first approach has the following problems: I need to send the actual key value, I have to perform two encryptions, the HSM must offer an API to retrieve from its internal flash memory the actual value of a key (as cleartext or ciphertext depending on the choice of the caller, the API can be called only if the administrator is logged in the HSM and it can’t be called if the user is logged).

The second approach has the following problems: the secret is common to all users so if an attacker finds the secret of a single user, he finds the secret of everyone. The HSM must offer an API to retrieve the secret as cleartext from its internal flash memory because the secret must be the same for every user, even for users that are added to the system weeks/months later (again this API is callable only if the administrator is logged in the HSM).

I suppose that the second approach, in principle, could be better because the keys are not actually sent from the administrator to the users. But the secret common to everybody is a problem, moreover I imagine that if an attacker finds out the value of a random salt, he may simply try to compute all possible keys given that salt using PBKDF2 and all possible seeds (because the implementation is open source so he knows that the secret is 32 bytes long and he also has access to the PBKDF2 code).

In conclusion I think that in the real world the first approach is more secure, provided that the login as administrator to the HSM is protected by a very complex PIN and possibly by a second factor (i.e. fingerprint). Do you agree? Any thoughts about other vulnerabilities in my approach?
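The second approach from the post above, sketched as an added example (not the poster's code and not any HSM's API), together with the single-secret failure mode the post worries about. Function names, the iteration count and the message layout are assumptions; the salt is sent authenticated with HMAC-SHA256 under the per-user pre-shared key rather than encrypted, because the Python standard library has no AES.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor; the post gives none

def derive_key(common_secret: bytes, salt: bytes) -> bytes:
    """Approach 2: key = PBKDF2-HMAC-SHA256(common secret, random salt)."""
    return hashlib.pbkdf2_hmac("sha256", common_secret, salt, ITERATIONS, dklen=32)

def _tag(user_key: bytes, key_id: bytes, salt: bytes) -> bytes:
    # Length-prefix the key id so (key_id, salt) cannot be re-split ambiguously.
    msg = len(key_id).to_bytes(2, "big") + key_id + salt
    return hmac.new(user_key, msg, hashlib.sha256).digest()

def admin_issue(common_secret: bytes, user_key: bytes, key_id: bytes):
    """Admin side: derive a fresh key and build the message for one user."""
    salt = os.urandom(16)
    key = derive_key(common_secret, salt)
    return key, (key_id, salt, _tag(user_key, key_id, salt))

def user_receive(common_secret: bytes, user_key: bytes, message) -> bytes:
    """User side: authenticate the salt, then re-derive the key locally."""
    key_id, salt, tag = message
    if not hmac.compare_digest(tag, _tag(user_key, key_id, salt)):
        raise ValueError("salt message failed authentication")
    return derive_key(common_secret, salt)

def demo() -> dict:
    # Constructed sample values: one common secret, one pre-shared key per user.
    common_secret = os.urandom(32)
    alice_key = os.urandom(32)
    key, msg = admin_issue(common_secret, alice_key, b"key-0001")
    user_matches_admin = user_receive(common_secret, alice_key, msg) == key

    # A salt modified in transit must be rejected, not silently re-derived.
    key_id, salt, tag = msg
    bad_salt = bytes([salt[0] ^ 1]) + salt[1:]
    try:
        user_receive(common_secret, alice_key, (key_id, bad_salt, tag))
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True

    # Any holder of the common secret who learns the salt derives the same key
    # without Alice's pre-shared key, even though the key was issued only to her.
    other_holder_derives_key = derive_key(common_secret, salt) == key
    return {"user_matches_admin": user_matches_admin,
            "tamper_rejected": tamper_rejected,
            "other_holder_derives_key": other_holder_derives_key}

if __name__ == "__main__":
    print(demo())
```

With a common secret, the confidentiality of each derived key rests on the confidentiality of its salt, so the salt needs the same per-user protection that the wrapped key gets in the first approach.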

I keep getting this notification from Bitdefender: chrome.exe attempted to establish a connection relying on an expired certificate to logs.gettoby.com

Every two fucking minutes I get four notifications like this and it has been going on for two days. It’s driving me mad. Can anyone help me get rid of this? I don’t even own Toby, I didn’t even know what it was until this.

I also get a lot of this: chrome.exe attempted to establish a connection relying on an expired certificate to www.nottfo.com. We blocked the connection to keep your data safe since web pages must renew their certificates with a certification authority to stay current, and outdated security certificates represent a risk.

What even is Nottfo?

What are the exact steps to establish a HTTPS/SSL connection?

Before asking this question I got through a lot of posts for finding a simple explanation about:

  • How is an HTTPS/SSL connection established?

but I could not find a good one. In addition, here I can ask more questions until it becomes clear for me; it may also be helpful for many others. And also there is another question related to this topic:

  • How does the client generate the private key?

Suddenly not working on Ubuntu Digital Ocean: urllib3 Failed to establish a new connection: [Errno -5] No address associated with hostname

It was working fine a week ago, but all of a sudden it stopped working.

Steps to reproduce:

Python 2.7.12 (default, Nov 12 2018, 14:36:49)
[GCC 5.4.0 20160609] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> requests.get('http://google.com',{})
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/requests/api.py", line 67, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 480, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 609, in send
    history = [resp for resp in gen] if allow_redirects else []
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 211, in resolve_redirects
    **adapter_kwargs
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 588, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 437, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='www.google.com', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<requests.packages.urllib3.connection.HTTPConnection object at 0x7fc5076e7950>: Failed to establish a new connection: [Errno -5] No address associated with hostname',))

Expected output:

<Response [200]> 

What events, tests, and troubles could a party trying to establish a nation expect to face

My players have decided to establish a new nation which consists of Phandalin, Triboar, Red Larch, and all lands in between (per their own highly unofficial declaration). I’m trying to come up with some things to present these new kings and queens that will test their abilities to govern well. Does anyone have any ideas for mechanics to use to test them without getting too bogged down with the less exciting aspects of being a politician?

A few details that might help:

  • The party is level 12

  • They are a generally chaotic good party consisting of a Rogue, Sorcerer, Druid/Ranger, and Rogue/Warlock

  • The campaign started with Lost Mines of Phandelver and transitioned into a slightly homebrewed version of Princes of the Apocalypse

  • There is a zombie apocalypse which has destroyed all known civilization south of Waterdeep which has created a huge refugee issue in the North.

  • Neverwinter recently got infected with the plague and the party kidnapped/rescued King Neverember. He’s currently a political hostage.

  • Lords Alliance is the main government entity in the region. They used the Witch Hunters, Neverwinter, and Waterdeep as their military forces.

  • The reason the nation was established is because the party freed Triboar from the rule of “The Witch Hunters” who had taken it over to create themselves a headquarters from which to hunt down and kill or imprison all Arcane and Nature magic users. So when the party cut the head off the snake they didn’t want to let the locals fall into chaos, especially with all of the plague and refugee stuff going on.